New Fujitsu Laptop Reads Your Palm, For Security
I completely fail to see why this is supposed to be a good idea.
Whether it's port knocking, fingerprint reading or palm reading as in this case, can anybody point out why this is a more 'secure' authentication method than anything else?
I tend to think that a fingerprint or similar may possibly serve as a substitute for a user name, but would you want to let people sign in using usernames only, no password, ssh key or a generated one time pad? Other than that it was probably fun to make, I don't see any advantage at all to using a known constant as a substitute for the familiar user name plus password and/or other changeable secret.
Ask Slashdot: Best Open Source Project For a Router/Wi-Fi Access Point?
My money is on OpenBSD for projects like this. You get a very compact base system that still has all the stuff you need in there for a project like this. And even my old PF tutorial has enough info to get you up and running.
But with the man pages and the OpenBSD FAQ you really have all the information you need at your fingertips.
Amazon: Authors Can't Review Books
There's a slight hope that they either did not include tech authors in the ban or just didn't get around to us techies just yet. When I checked just now my review of Michael W. Lucas' SSH Mastery was still available.
Huawei Offers 'Complete and Unrestricted' Source Code Access
Much like I assume a lot of other /. readers, my trust in the equipment I use to do what it's supposed to do comes from my access and ability to read the source code. There have been minor dust-ups in the open source world about allegations that other governments than China inserted back doors in widely used software, and we still see those allegations surfacing from time to time, but never with anything solid to back them up. I believe searches on the obvious keywords will turn up stories linked from here, as well as links to source code repositories of very high quality indeed.
So my advice for Huawei is, let the world see your source code, and please set up a mechanism for reviewing your own code and patches.
Ask Slashdot: Best Way To Monitor Traffic?
If you can set up your gateway to export Netflow data, you get excellent data for tracking your traffic (connection metadata) without all the bulk of keeping a full copy of the traffic.
There's a large number of tools available for collecting, analyzing and otherwise dissecting collected Netflow data, with a good number most likely available via your favorite free Unix-like operating system's packages collection. My favorite combo is to set up an OpenBSD box as the gateway, have it export traffic data via the pflow(4) facility and do the collection and analysis bits somewhere via nfdump/nfsen (see eg nfsen.sourceforge.net for info).
There are various resources available within direct reach of web search, but I would also recommend taking a look at Michael W. Lucas' book Network Flow Analysis for a nice treatment of Netflow in general (it uses flow-tools, but most of what he writes will be useful in the context of other tools too).
Getting the Most Out of SSH
I think it's worth mentioning to anybody who enjoyed this article that Michael W. Lucas has a fresh SSH book out called 'SSH Mastery'. Initially an ebook, but becoming available right about now in a paper version too.
Amazon will have it, or if you're shopping for OpenBSD stuff anyway (as you should, OpenSSH which is almost certainly the ssh and sshd on your system, is essentially an in-tree development at OpenBSD), www.openbsd.org/books.html and tentacles of the ordering system will show you where to get it.
Europe's Largest IT Company To Ban Internal Email
I think the main problem here is that at least a significant subset of the suits (and probably other non-techies) tend to think of Microsoft Exchange and its obnoxious client as the only way to handle email. Keep in mind that the main design smells appointment book not messaging. My longish rant on the topic can be found at http://bsdly.blogspot.com/2011/02/problem-isnt-email-its-microsoft.html , enjoy!
PETA To Launch Pornography Website
I'm pretty sure that embracing the root zone poisoning .xxx domain wankers is not ever going to earn them enough cash to help a single animal in need. This is a total waste of time and money IMNSHO.
The kind of story you'd expect to see in very-late March or very-early April, but that doesn't fit the calendar in that particular universe I inhabit.
Mozilla MemShrink Set To Fix Firefox Memory
firefox developers could do a lot worse than reading the openbsd-misc thread that starts with http://marc.info/?l=openbsd-misc&m=130683944229077&w=2 and take some of it to heart.
In the meantime I'd love any pointers at all to where you can buy the systems they used for development and testing - apparently you can actually buy systems with infinite memory so you can do extensive testing and never notice firefox has a memory management problem.
Number of firefox crashes while typing this comment: four.
Ask Slashdot: What To Do With Other People's Email?
I think you're touching on a very large part of the problem when you write
> The big problem I am having is with companies and websites. These emails are often no-reply, which means I can't send back a quick note.
I've always thought that sending messages with invalid return addresses or with a return address that's routed to the functional equivalent of /dev/null is intolerably rude. In fact, I think sending a message with the intention of discarding any reply is pretty close to the maximum amount of disrespect you can show your message's recipient.
I have one message to the executives of companies that send email with 'no-reply' return addresses, who deserve to be faced with a boycott: If you're not interested in reading our replies, we're not interested in sending you any money either.
I don't think Microsoft Exchange addiction (as I've blogged on in the past, see my .signature) should count as an excuse either. Sending mail with a deliverable return address is a matter of a minimum of common courtesy and civility.
Linux Gets Dynamic Firewalls In Fedora 15
The concept isn't very new or radical, but it will be interesting to see how their implementation behaves in real life.
Over in OpenBSD land, PF has supported tables of IP addresses that can be manipulated on the fly for years (see eg these table samples). One common use is (courtesy of another useful adaptive feature called state tracking options) to detect and block bruteforcers (see eg this set of tutorial examples). In addition, the OpenBSD versions of dhcpd and bgpd as well as other applications are routinely set up to interact with your filtering config via tables.
Another adaptive or dynamic feature is anchors, named sub-rulesets where applications such as a proxy (ftp-proxy for example) or relayd (the load balancer) can insert and delete rules as needed. You can manipulate rules inside anchors from the command line too, of course.
My BSDCan slides have more material, as of course does The Book of PF, and never forget The PF docs as the authoritative source.
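Added example, not part of the original comment: a pf.conf fragment showing the three features the comment names (a table, state tracking options that overload into it, and an anchor), followed by the pfctl calls that change the table on the fly. The interface name, thresholds and addresses are assumed sample values, and the syntax assumes OpenBSD 4.7 or later.

```pf
# Added illustration (constructed). Macro values and thresholds are assumptions.
ext_if = "em0"                 # assumed external interface name

# Table of offending hosts. 'persist' keeps the table in memory even when
# it is empty or no rule refers to it, so it can be filled at runtime.
table <bruteforce> persist

# Drop anything from hosts already in the table. 'quick' stops rule
# evaluation here, so later pass rules never see these packets.
block quick from <bruteforce>

# State tracking options: a source holding more than 15 simultaneous
# connections, or opening more than 5 new ones within 3 seconds, is added
# to <bruteforce>, and 'flush global' kills all states it already has.
pass in on $ext_if inet proto tcp to port ssh \
        keep state (max-src-conn 15, max-src-conn-rate 5/3, \
        overload <bruteforce> flush global)

# Anchor: a named sub-ruleset. ftp-proxy inserts and deletes its own
# rules under this name as FTP data connections come and go.
anchor "ftp-proxy/*"
pass in quick inet proto tcp to port ftp divert-to 127.0.0.1 port 8021

# Table and anchor handling from the command line, no ruleset reload needed:
#   pfctl -t bruteforce -T show               list current entries
#   pfctl -t bruteforce -T add 192.0.2.10     add an address by hand
#   pfctl -t bruteforce -T delete 192.0.2.10  remove it again
#   pfctl -t bruteforce -T expire 86400       drop entries older than 24 hours
#   pfctl -a 'ftp-proxy/*' -sr                show rules inside the anchor
```

Running the expire command from cron keeps the table from growing without bound and lets addresses that were blocked by mistake recover on their own.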
France Outlaws Hashed Passwords
The right-hand column on the BBC site has a link to a story called "Europe is 'losing' superbugs battle". The current story is a case in point: Europe is losing big time against the sinister "Stupidity" superbug.
FBI Alleged To Have Backdoored OpenBSD's IPSEC Stack
I'd be more than a little surprised if any part of the US government would in fact agree to let non-disclosure agreements expire automatically. That alone makes me suspicious that the truth content of these allegations is a little thin.
For those of you who are interested in finding out the facts, start by reading the whole thread on openbsd-tech (eg http://marc.info/?t=129236639300001&r=1&w=2 ), it's only a handful of messages so far and I find Damien Miller's response at http://marc.info/?l=openbsd-tech&m=129237675106730&w=2 particularly enlightening. (You're using Damien's code right now, in some other window -- he's been a major OpenSSH developer for quite a while).
Then again, I have to agree with Bob Beck (see http://marc.info/?l=openbsd-tech&m=129236730027908&w=2 ) that this is fairly likely to be part of a personal vendetta of some sort, possibly against either the OpenBSD project or even something totally unrelated, using the OpenBSD project only as the attention-grabber in contexts such as /.
At this point we have only allegations with some finger pointing, I for one look forward to any real information to surface. The best way to draw out the real information behind this is to do what Theo did - publish the allegations and let the involved parties explain themselves in public.
Google eBookstore Launched
- such as No Starch press (http://nostarch.com), and quite possibly others.
I find it's always worth mentioning that there are publishers out there who respect their customers enough to not do the DRM dance, and from the author's view (yes, I am one) the danger of people not reading your stuff is more scary than the danger of not getting paid for every last copy.
Full disclosure: I have a book out on No Starch, The Book of PF, 2nd ed.
Analyzing Amazon's E-Book Loan Agreement
It's probably worth mentioning that there's at least one tech books publisher that publishes e-book versions in several formats (IIRC you get them all in a zip archive), with no DRM. That publisher is No Starch Press (http://nostarch.com).
I think for most of the writers who publish on No Starch, the thinking is that readers should have access to the material in the form that's convenient to them, with as few restrictions as possible. For my own part, I see the BitTorrent trackers that turned up about four hours after the PDF version of the first edition of my book mainly as a sign that people appreciate my work.
Full disclosure: I have a title out on No Starch that's been available as ebook before the printed version is available (expected about Nov 10th), see http://nostarch.com/pf2.htm
OpenBSD 4.8 Released
Make sure you make a backup of your /etc/ directory beforehand and you are good to go. The upgrade process should keep your configuration intact, but it never hurts to be a bit cautious.
For /etc upgrades, there's sysmerge.
In fact, you can run sysmerge -x xetcNN.tgz -s etcNN.tgz and answer the friendly prompts before booting into the installer for the upgrade. Then after you've done the base system upgrade, set your PKG_PATH to something sensible and run pkg_add -u to upgrade your packages. Time needed is mainly a function of how good your connectivity to the packages mirror is.
OpenBSD 4.8 Released
There's a series of pictures at http://bsdly.blogspot.com/2010/01/goodness-of-men-and-machinery.html that tell you what the installer looked like in January. IIRC no huge changes have happened to it since then. But do try 4.8 or a recent snapshot (they come with installNN.iso files these days)
Take This GUI and Shove It
Repetition by hand, even by a skilled operator, is error prone. I think that's the main message in this article, and I couldn't agree more. The task at hand doesn't even have to be that complex.
That's why, in a system administration context, tools like puppet (http://www.puppetlabs.com/) and cfengine (http://cfengine.com) make so much sense.
Tools like those help you make sure that items that need to be the same stay the same, and make sure changes happen in sync across systems when need be (courtesy of your version control system). And of course, local variations can be catered to in a number of ways and maintained across global reconfigurations. If you're lucky enough to be working on a Unix or BSD, that is. Not sure what's available in Cisco or Windows space.
Scientists Say Toads Can Predict Earthquakes
This makes it fairly obvious that it was actually toads, not mice, that rigged up the earth in the first place.
Nice bit of coverup, Douglas!
Next up, what species if not the dolphins? And what's the real quote behind "So long and thanks for all the fish?"?
Deposit Checks To Your Bank By Taking a Photo
In Europe, checks are rare if not extinct, for something like the last 10 years at least. Direct transfers (IBAN) or similar just work and most people here do their banking mainly online anyhow.
Most likely you could talk your bank here into issuing a check for you if you ask them nicely, but it would almost certainly be more expensive than a straight electronic transfer.
On the other hand, somebody likely had fun and made a modest amount of money developing that check scanning app, so the effort I guess is not totally wasted.
badger.foo has no journal entries.